SuperJuan has taken over my computer



#1 4130 (Members)

Posted 25 November 2008 - 12:05 AM

Bought 2 years of NOD32 on good recommendation from someone else only to have it fail me.

SuperJuan is trying to kill my computer.

I'm running Windows XP on an HP media center PC that is only a couple years old. I don't do anything crazy on it I just use it for music and videos in my loft and it's also hooked up to the internet for web browsing. Definitely downloaded a bunk mp3 though wow.

The file is called win32/adware.superjuan application

it's in c:\windows\system32\nkyzqh.dll

If anybody could point me in the right direction as to how to get this removed from my system it would be greatly appreciated. The constant pop ups and janky keyboard reactions are killing me!

Thanks



#2 Budapest (Moderator)

Posted 25 November 2008 - 01:00 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 4130 (Topic Starter)

Posted 26 November 2008 - 05:41 PM

Thanks for the quick reply Budapest. Here's the log from Mbam:

Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 3

11/26/2008 2:33:27 PM
mbam-log-2008-11-26 (14-33-27).txt

Scan type: Quick Scan
Objects scanned: 75874
Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 24
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\bkdmgyjb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayYppNe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gioqfv.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{828da773-b3d9-484c-af81-089390cf5243} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{828da773-b3d9-484c-af81-089390cf5243} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdf5e198-f408-412b-9635-d9a97cc561c2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bdf5e198-f408-412b-9635-d9a97cc561c2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{828da773-b3d9-484c-af81-089390cf5243} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bdf5e198-f408-412b-9635-d9a97cc561c2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\400e4f9e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyppne -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyppne -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\snapsnet (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\gioqfv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yayYppNe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eNppYyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eNppYyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkdmgyjb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bjygmdkb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibniflnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icugae.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgclyovd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\snapsnet\dPI191065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regedit.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmd.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ping.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.

#4 Budapest (Moderator)

Posted 26 November 2008 - 09:24 PM

Reboot your computer, run the scan again and post the new log.
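The first Malwarebytes log above marks several items "Delete on reboot", which is why a reboot and a second scan are requested. As an added example (not part of the thread and not Malwarebytes code), this Python sketch parses a text log in the layout shown above, lists the objects still pending removal, flags entries under the autostart locations that log shows, and checks the summary counts against the parsed entries; the sample log and its names are constructed.

```python
import re

# Section names as they appear in the MBAM 1.30 log posted above.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<object> (<detection>) -> [Data: <value> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+?)\.?$"
)
# Autostart locations seen in the posted log (lower-cased substrings).
AUTOSTART_MARKERS = (
    r"\currentversion\run", r"\browser helper objects",
    r"\shellexecutehooks", r"\control\lsa",
)

def parse_mbam_log(text):
    """Return (summary counts, list of entry dicts) for one log."""
    counts, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m and m["section"] in SECTIONS:
            counts[m["section"]] = int(m["count"])
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]          # start of a detail section
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return counts, entries

def pending_reboot(entries):
    """Unique objects whose removal only completes at the next normal boot."""
    seen, pending = set(), []
    for e in entries:
        key = e["object"].lower()        # same DLL is listed as module and file
        if e["action"].lower() == "delete on reboot" and key not in seen:
            seen.add(key)
            pending.append(e["object"])
    return pending

def autostart_entries(entries):
    """Registry entries under locations that load code at boot or logon."""
    return [e for e in entries
            if e["section"].startswith("Registry")
            and any(mark in e["object"].lower() for mark in AUTOSTART_MARKERS)]

def count_mismatches(counts, entries):
    """Sections whose summary count differs from the entries parsed,
    for example when a pasted log was cut short."""
    found = {s: 0 for s in SECTIONS}
    for e in entries:
        found[e["section"]] += 1
    return {s: (counts.get(s), found[s])
            for s in SECTIONS if counts.get(s) != found[s]}

# Constructed sample in the same layout; every name below is a placeholder.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.30
Scan type: Quick Scan

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Example) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001} (Trojan.Example) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor (Adware.Example) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example (Trojan.Example) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Example) -> Data: c:\windows\system32\example1 -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\example1.dll (Trojan.Example) -> Delete on reboot.
C:\WINDOWS\system32\example2.dll (Trojan.Example) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    counts, entries = parse_mbam_log(SAMPLE_LOG)
    print("Pending until reboot:", *pending_reboot(entries), sep="\n  ")
    print("Autostart entries:", len(autostart_entries(entries)))
    print("Count mismatches:", count_mismatches(counts, entries))
```

A non-empty pending list means the scan has to be repeated after a normal reboot before the machine can be called clean.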

#5 4130 (Topic Starter)

Posted 28 November 2008 - 05:04 PM

The scanner didn't find anything this time... does this mean that SuperJuan is gone?! Here's the log, lemme know! Thanks for all the help so far btw.

Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 3

11/28/2008 2:02:16 PM
mbam-log-2008-11-28 (14-02-16).txt

Scan type: Quick Scan
Objects scanned: 83053
Time elapsed: 14 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Budapest (Moderator)

Posted 28 November 2008 - 05:18 PM

Run this scan as a double check:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

#7 4130 (Topic Starter)

Posted 06 December 2008 - 08:38 PM

Ok so I ran SD fix and it all went very smooth. No problems or hang ups at all. Can someone check over the report it gave me at the end and let me know if my computer is clean from all viruses or not? Thanks!





SDFix: Version 1.240
Run by HP_Administrator on Sat 12/06/2008 at 03:55 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\taskkill.com - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 16:18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:


Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

#8 Budapest (Moderator)

Posted 07 December 2008 - 04:19 PM

Looks good. So, if you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Also, go Start > Control Panel and double-click Add or Remove Programs. Post back and report any Java entries that you have.

#9 4130 (Topic Starter)

Posted 08 December 2008 - 04:33 PM

Ok so I created the new restore point and deleted all the others.

In Add/remove programs I have 5 different Java applications it looks like. Here's the list:

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 2

J2SE Runtime Environment 5.0 Update 9

J2SE Runtime Environment, SE v1.4.2_03

J2SE Runtime Environment, SE v1.4.2_06

Is that all normal or should some of those be removed? I don't even know what they all do. Once again, thanks for all the help that's been given so far it's making my life much easier getting this computer back up and running nice and smooth!

#10 Budapest (Moderator)

Posted 08 December 2008 - 04:46 PM

Those Java entries are all out of date and should be removed. Then download and install the latest from here:

http://www.java.com/en/download/index.jsp

There's also some information on that site which tells you what Java does.